| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-12926 | Codezips Project Management System advanced.php sql injection | Codezips | Project Management System | Medium | 6.3 | 2024-12-25 20:00:15 | Deep Dive |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2024-12-19 01:45:14 | Deep Dive |
| CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability | weDevs | WP Project Manager | Medium | - | 2024-12-13 14:24:04 | Deep Dive |
| CVE-2024-55886 | OpenTelemetry Logs source may lack authentication with some custom plugins | opensearch-project | data-prepper | Medium | 6.9 | 2024-12-12 19:25:44 | Deep Dive |
| CVE-2024-50339 | GLPI vulnerable to unauthenticated session hijacking | glpi-project | glpi | Medium | - | 2024-12-11 17:48:42 | Deep Dive |
| CVE-2024-48912 | GLPI vulnerable to authenticated insecure account deletion | glpi-project | glpi | Medium | - | 2024-12-11 17:03:10 | Deep Dive |
| CVE-2024-47761 | GLPI vulnerable to account takeover via the password reset feature | glpi-project | glpi | Medium | - | 2024-12-11 17:00:49 | Deep Dive |
| CVE-2024-47760 | GLPI vulnerable to account takeover via API | glpi-project | glpi | Medium | - | 2024-12-11 16:56:58 | Deep Dive |
| CVE-2024-47758 | GLPI vulnerable to account takeover without privilege escalation through the API | glpi-project | glpi | Medium | - | 2024-12-11 15:50:22 | Deep Dive |
| CVE-2024-12326 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau | Jirafeau project | Jirafeau | Medium | 6.1 | 2024-12-06 20:50:51 | Deep Dive |
| CVE-2024-12231 | CodeZips Project Management System index.php sql injection | CodeZips | Project Management System | High | 7.3 | 2024-12-05 16:00:18 | Deep Dive |
| CVE-2024-53982 | Arbitrary file download in Zoo-Project Echo Example | ZOO-Project | ZOO-Project | Medium | - | 2024-12-04 22:20:54 | Deep Dive |
| CVE-2024-12015 | SQL Injection in WordPress Project Manager Plugin | WeDevs | WP Project Manager | High | 7.7 | 2024-12-02 13:23:50 | Deep Dive |
| CVE-2024-53008 | HAProxy security vulnerability | HAProxy Project | HAProxy 2.6 | - | - | 2024-11-28 02:10:44 | Deep Dive |
| CVE-2024-54004 | Jenkins Plugin Filesystem List Parameter path traversal vulnerability | Jenkins Project | Jenkins Filesystem List Parameter Plugin | Medium | - | 2024-11-27 17:03:52 | Deep Dive |
| CVE-2024-54003 | Jenkins Plugin Simple Queue cross-site scripting vulnerability | Jenkins Project | Jenkins Simple Queue Plugin | High | - | 2024-11-27 17:03:51 | Deep Dive |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 5.3 | 2024-11-20 11:33:11 | Deep Dive |
| CVE-2024-43416 | GLPI vulnerable to enumeration of users' email addresses by unauthenticated user | glpi-project | glpi | High | 7.5 | 2024-11-18 16:27:06 | Deep Dive |
| CVE-2024-38370 | GLPI allows API document download without rights | glpi-project | glpi | Medium | 5.3 | 2024-11-15 21:12:57 | Deep Dive |
| CVE-2024-45611 | GLPI has a stored XSS at src/RSSFeed.php | glpi-project | glpi | Medium | 5.7 | 2024-11-15 20:16:18 | Deep Dive |